Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability

released on 2019-03-06 @ 09:31:28 AM
We analyzed a piece of fileless malware with multiple .BAT attachments and a batch file from IoCs reported by researchers online that was capable of opening an IP address, downloading a PowerShell script with a banking trojan payload, and installing a hack tool and an information stealer. Looking further, we observed it stealing machine information and user credentials, scanning for strings related to three specific Brazilian banks (Banco Bradesco, Banco do Brasil, and Sicredi) and for other possible network connections via saved Outlook contacts, and installing the hack tool RADMIN. Our telemetry showed the highest infection attempts in Brazil and Taiwan.